feat: add domain verification notification (#649)

* fix: dont (re)generate client secret with auth type none * fix(cors): allow Origin from request * feat: add origin allow list and fix some core issues * rename migration * fix UserIDsByDomain * feat: send email to users after domain claim * username * check origin on userinfo * update oidc pkg * fix: add migration 1.6 * change username * change username * remove unique email aggregate * change username in mgmt * search global user by login name * fix test * change user search in angular * fix tests * merge * userview in angular * fix merge * Update pkg/grpc/management/proto/management.proto Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> * Update internal/notification/static/i18n/de.yaml Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> * fix Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
2025-08-12 01:37:31 +00:00 · 2020-08-27 17:18:23 +02:00
parent 3f714679d1
commit 34ec2508d3
73 changed files with 19105 additions and 17845 deletions
--- a/cmd/zitadel/authz.yaml
+++ b/cmd/zitadel/authz.yaml
@@ -23,6 +23,7 @@ InternalAuthZ:
        - "org.idp.write"
        - "org.idp.delete"
        - "user.read"
+        - "user.global.read"
        - "user.write"
        - "user.delete"
        - "user.grant.read"
@@ -66,6 +67,7 @@ InternalAuthZ:
        - "org.member.read"
        - "org.idp.read"
        - "user.read"
+        - "user.global.read"
        - "user.grant.read"
        - "user.membership.read"
        - "policy.read"
@@ -89,6 +91,7 @@ InternalAuthZ:
        - "org.idp.write"
        - "org.idp.delete"
        - "user.read"
+        - "user.global.read"
        - "user.write"
        - "user.delete"
        - "user.grant.read"
@@ -127,6 +130,7 @@ InternalAuthZ:
        - "org.member.read"
        - "org.idp.read"
        - "user.read"
+        - "user.global.read"
        - "user.grant.read"
        - "user.membership.read"
        - "policy.read"
@@ -143,6 +147,7 @@ InternalAuthZ:
        - "org.read"
        - "org.member.read"
        - "user.read"
+        - "user.global.read"
        - "user.grant.read"
        - "user.grant.write"
        - "user.grant.delete"
@@ -158,6 +163,7 @@ InternalAuthZ:
        - "org.read"
        - "org.member.read"
        - "user.read"
+        - "user.global.read"
        - "user.grant.read"
        - "user.grant.write"
        - "user.grant.delete"
@@ -172,6 +178,7 @@ InternalAuthZ:
        - "project.grant.member.read"
    - Role: 'ORG_PROJECT_CREATOR'
      Permissions:
+        - "user.global.read"
        - "project.read:self"
        - "project.write"
    - Role: 'PROJECT_OWNER'
@@ -195,6 +202,7 @@ InternalAuthZ:
        - "project.grant.member.write"
        - "project.grant.member.delete"
        - "user.read"
+        - "user.global.read"
        - "user.grant.read"
        - "user.grant.write"
        - "user.grant.delete"
@@ -208,6 +216,7 @@ InternalAuthZ:
        - "project.grant.read"
        - "project.grant.member.read"
        - "user.read"
+        - "user.global.read"
        - "user.grant.read"
        - "user.membership.read"
    - Role: 'PROJECT_GRANT_OWNER'
@@ -218,6 +227,7 @@ InternalAuthZ:
        - "project.grant.member.write"
        - "project.grant.member.delete"
        - "user.read"
+        - "user.global.read"
        - "user.grant.read"
        - "user.grant.write"
        - "user.grant.delete"
@@ -228,5 +238,6 @@ InternalAuthZ:
        - "project.grant.read"
        - "project.grant.member.read"
        - "user.read"
+        - "user.global.read"
        - "user.grant.read"
        - "user.membership.read"
--- a/cmd/zitadel/system-defaults.yaml
+++ b/cmd/zitadel/system-defaults.yaml
@@ -89,6 +89,7 @@ SystemDefaults:
      InitCode: '$ZITADEL_ACCOUNTS/user/init?userID={{.UserID}}&code={{.Code}}&passwordset={{.PasswordSet}}'
      PasswordReset: '$ZITADEL_ACCOUNTS/password/init?userID={{.UserID}}&code={{.Code}}'
      VerifyEmail: '$ZITADEL_ACCOUNTS/mail/verification?userID={{.UserID}}&code={{.Code}}'
+      DomainClaimed: '$ZITADEL_ACCOUNTS/login'
    Providers:
      Chat:
        Url: $CHAT_URL
@@ -133,4 +134,11 @@ SystemDefaults:
        Subject: 'VerifyPhone.Subject'
        Greeting: 'VerifyPhone.Greeting'
        Text: 'VerifyPhone.Text'
-        ButtonText: 'VerifyPhone.ButtonText'
+        ButtonText: 'VerifyPhone.ButtonText'
+      DomainClaimed:
+        Title: 'DomainClaimed.Title'
+        PreHeader: 'DomainClaimed.PreHeader'
+        Subject: 'DomainClaimed.Subject'
+        Greeting: 'DomainClaimed.Greeting'
+        Text: 'DomainClaimed.Text'
+        ButtonText: 'DomainClaimed.ButtonText'